Diffstat (limited to 'mod/search')
-rw-r--r-- | mod/search/index.php | 34 | ||||
-rw-r--r-- | mod/search/start.php | 3 |
2 files changed, 18 insertions, 19 deletions
diff --git a/mod/search/index.php b/mod/search/index.php
index 2927e6616..d62e3be72 100644
--- a/mod/search/index.php
+++ b/mod/search/index.php
@@ -37,14 +37,14 @@ $custom_types = trigger_plugin_hook('search_types', 'get_types', $params, array(
 // add submenu items for all and native types
 // @todo should these maintain any existing type / subtype filters or reset?
-$data = http_build_query(array(
- 'q' => urlencode($query),
- 'entity_subtype' => urlencode($subtype),
- 'entity_type' => urlencode($type),
- 'owner_guid' => urlencode($owner_guid),
+$data = htmlspecialchars(http_build_query(array(
+ 'q' => $query,
+ 'entity_subtype' => $subtype,
+ 'entity_type' => $type,
+ 'owner_guid' => $owner_guid,
 'search_type' => 'all',
 'friends' => $friends
-));
+)));
 $url = "{$CONFIG->wwwroot}pg/search/?$data";
 add_submenu_item(elgg_echo('all'), $url);
@@ -54,14 +54,14 @@ foreach ($types as $type => $subtypes) {
 foreach ($subtypes as $subtype) {
 $label = "item:$type:$subtype";
- $data = http_build_query(array(
- 'q' => urlencode($query),
- 'entity_subtype' => urlencode($subtype),
- 'entity_type' => urlencode($type),
- 'owner_guid' => urlencode($owner_guid),
+ $data = htmlspecialchars(http_build_query(array(
+ 'q' => $query,
+ 'entity_subtype' => $subtype,
+ 'entity_type' => $type,
+ 'owner_guid' => $owner_guid,
 'search_type' => 'entities',
 'friends' => $friends
- ));
+ )));
 $url = "{$CONFIG->wwwroot}pg/search/?$data";
@@ -70,13 +70,13 @@ foreach ($types as $type => $subtypes) {
 } else {
 $label = "item:$type";
- $data = http_build_query(array(
- 'q' => urlencode($query),
- 'entity_type' => urlencode($type),
- 'owner_guid' => urlencode($owner_guid),
+ $data = htmlspecialchars(http_build_query(array(
+ 'q' => $query,
+ 'entity_type' => $type,
+ 'owner_guid' => $owner_guid,
 'search_type' => 'entities',
 'friends' => $friends
- ));
+ )));
 $url = "{$CONFIG->wwwroot}pg/search/?$data";
diff --git a/mod/search/start.php b/mod/search/start.php
index 14299b7c6..314aa4710 100644
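Review bot: `htmlspecialchars()` is applied where `$data` is built rather than where the link is printed, so `$url` carries `&amp;` separators into whatever `add_submenu_item()` does with it; that function's rendering is outside this diff, and if the submenu view escapes the href again the link ends up with `&amp;amp;`. `http_build_query()` also takes its default separator from `arg_separator.output`, which some installs already set to `&amp;`, and that would be double-escaped here as well. I would pin the separator and the escaping flags, e.g. `htmlspecialchars(http_build_query(array(/* ... */), '', '&'), ENT_QUOTES, 'UTF-8')`, and add the comment `// $url is HTML-escaped: use it only inside an href attribute`. The same applies to the `$data = htmlspecialchars(...)` assignments in the `@@ -54` and `@@ -70` hunks.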
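Review bot: Passing the raw values changes what an empty filter looks like in the query string in the `@@ -54` hunk: `http_build_query()` omits keys whose value is null and renders booleans as `1`/`0`, whereas the removed `urlencode()` calls turned both into an empty string. Here `$type` and `$subtype` are loop variables, but `$query` and `$owner_guid` are assigned outside the hunk, so this matters only if they can be null or false; in that case a link that used to carry `owner_guid=` now carries `owner_guid=0` or drops the key. If the search handler treats those differently, normalise before building, e.g. `'owner_guid' => (string) $owner_guid,`. The `@@ -37` and `@@ -70` hunks build the same array and are affected the same way, the first of them also for `$type` and `$subtype`.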
--- a/mod/search/start.php
+++ b/mod/search/start.php
@@ -88,7 +88,7 @@ function search_page_handler($page) {
 */
 function search_get_highlighted_relevant_substrings($haystack, $needle, $min_match_context = 15, $max_length = 500) {
 global $CONFIG;
- $haystack = urldecode(strip_tags($haystack));
+ $haystack = strip_tags($haystack);
 $haystack_lc = strtolower($haystack);
 //
 // $haystack = "Like merge sort, quicksort can also be easily parallelized due to its "
@@ -100,7 +100,6 @@ function search_get_highlighted_relevant_substrings($haystack, $needle, $min_mat
 // for now don't worry about "s or boolean operators
 $needle = str_replace(array('"', '-', '+', '~'), '', stripslashes(strip_tags($needle)));
- $needle = urldecode($needle);
 $words = explode(' ', $needle);
 $min_chars = $CONFIG->search_info['min_chars']; |
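Review bot: `strip_tags()` is now the only cleaning applied to `$haystack` in the `@@ -88` hunk, and it removes tags without HTML-escaping what is left, so `&` and quote characters survive into the text that gets highlighted. The function body continues outside the hunk, so whether the excerpts are escaped before the highlight markup is added cannot be seen here; if they are not, each plain-text piece needs `htmlspecialchars($piece, ENT_QUOTES, 'UTF-8')` at that point (`$piece` is a stand-in name). The same holds for `$needle` in the `@@ -100` hunk, where `strip_tags()`, `stripslashes()` and `str_replace()` do not escape it either. I would also record the new contract in the docblock that ends just above the function: `@param string $needle The search query, already URL-decoded by the caller`.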